CRISC IT Risk Assessment Techniques 3

Question 1

Which risk assessment scope consideration is UNIQUE to IT environments compared to general business risk?

Accepted Answer

Interdependencies between interconnected systems and platforms

Answer

IT risk assessments must uniquely account for cascading failures across interconnected systems, which is more complex than assessing independent business units.

Question 2

A risk scenario is MOST useful in risk assessment because it:

Accepted Answer

Provides a realistic narrative linking threats, vulnerabilities, and business impacts

Answer

Risk scenarios connect threat actors, vulnerabilities, and business impacts into a coherent story that helps stakeholders understand and prioritize risks.

Question 3

When conducting a business impact analysis (BIA), which output is MOST directly used in IT risk assessment?

Accepted Answer

Recovery time objectives and critical process dependencies

Answer

RTOs and critical process dependencies from a BIA directly inform which IT risks have the highest business impact, guiding prioritization.

Question 4

The inherent risk of an IT process is BEST defined as:

Accepted Answer

The risk level before any controls are applied

Answer

Inherent risk is the raw, unmitigated risk level of an activity before any controls or countermeasures are taken into account.

Question 5

Which approach BEST ensures that a risk assessment remains relevant over time?

Accepted Answer

Periodic reassessment triggered by significant changes in the environment

Answer

Risk assessments must be refreshed whenever significant changes occur (new systems, threats, regulations) to remain accurate and actionable.

CRISC - Certified in Risk and Information Systems Control Practice Test

CRISC - Certified in Risk and Information Systems Control Practice Test

CRISC IT Risk Assessment Techniques 3